Regulations and guidelines exist for the protection of non-public information (NPI), personally identifiable information (PII), and payment card industry (PCI) information. Such regulations and guidelines define, among other things, how and how long certain sensitive information such as Social Security numbers and credit card numbers can be stored by a third party.
Conventional tokenization equipment is available to assist third parties in maintaining compliance with sensitive information requirements. For example, suppose that a merchant wishes to collect customer purchase habit information in order to subsequently offer special discounts and promotions to specific customers. In such a situation, the merchant can employ a tokenization server which provides the merchant with tokens corresponding to its customers. The merchant is then able to accumulate customer data (e.g., frequencies of purchases, amounts of purchases, types of products or services purchased, etc.) and link that customer data to the tokens rather than to sensitive customer information such as customer credit card numbers.
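The merchant arrangement described above can be illustrated with the following added example, which is not part of the original text. The names `TokenizationServer` and `MerchantStore`, the random token format, the in-memory vault, and the HMAC lookup index are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenizationServer:  # hypothetical: holds the only card-number/token mapping
    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index
        self._token_by_index = {}                  # HMAC(card number) -> token
        self._pan_by_token = {}                    # token -> card number, server side only

    def tokenize(self, pan):
        digits = "".join(ch for ch in pan if ch.isdigit())
        if not 13 <= len(digits) <= 19:
            raise ValueError("not a plausible card number")
        index = hmac.new(self._index_key, digits.encode(), hashlib.sha256).digest()
        token = self._token_by_index.get(index)
        if token is None:  # first sighting: issue a random token unrelated to the digits
            token = "tok_" + secrets.token_hex(16)
            self._token_by_index[index] = token
            self._pan_by_token[token] = digits
        return token

    def detokenize(self, token):
        return self._pan_by_token[token]


class MerchantStore:  # hypothetical: purchase history keyed by token only
    def __init__(self, server):
        self._server = server
        self.purchases = {}

    def record_purchase(self, pan, amount, category):
        token = self._server.tokenize(pan)  # the card number itself is not stored here
        self.purchases.setdefault(token, []).append({"amount": amount, "category": category})
        return token

    def summary(self, token):
        items = self.purchases.get(token, [])
        return {"count": len(items), "total": sum(i["amount"] for i in items)}


def demo():
    server = TokenizationServer()
    store = MerchantStore(server)
    card_a, card_b = "4111 1111 1111 1111", "5555-5555-5555-4444"  # constructed test numbers
    sales = ((card_a, 25, "grocery"), (card_a, 40, "fuel"), (card_b, 10, "grocery"))
    return server, store, [store.record_purchase(*s) for s in sales]
```

Repeat purchases on the same card resolve to the same token, so purchase habits accumulate per customer while the merchant-side records contain no card number.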
Conventional data loss prevention (DLP) software is also available to assist third parties in maintaining compliance with sensitive information regulations and guidelines. For example, DLP software may run on a computer within a company to prevent unauthorized use and transmission of sensitive employee information such as employee Social Security numbers.